Infoblox Threat Intel

Revolver Rabbit

Revolver Rabbit is a DNS actor in the advertising industry; they created over 500,000 domains using a registered domain generation algorithm (RDGA) between February 2022 and July 2024. Their domains constitute the largest and one of the most varied RDGA networks that we have detected to date.

Operating since: At least February 2022
Infoblox discovered: March 2023
Infoblox published: July 2024
Prevalence: Uncommon

Threat actor resources

Media Article

Tech Radar
July 19, 2024

Criminals are spending millions on malicious domains — and it's paying off for them in a big way

To host command and control (C2) servers, distribute malware, or perform other malicious activities, hackers need a domain name.

Media Article

Bleeping Computer
July 18, 2024

Revolver Rabbit gang registers 500,000 domains for malware campaigns

A cybercriminal gang that researchers track as Revolver Rabbit has registered more than 500,000 domain names for infostealer campaigns that target Windows and macOS systems.

Media Article

Scoop (213K UVM)
July 18, 2024

Revolver Rabbit’s Million-Dollar Masquerade: Infoblox Uncovers The Hidden World of RDGAs

Infoblox Threat Intel has developed multiple algorithms to discover and track RDGAs in the wild, including patent pending detection of emerging clusters of RDGA domains.

Press Release

Infoblox Threat Intel
July 17, 2024

Revolver Rabbit’s Million-Dollar Masquerade: Infoblox Uncovers The Hidden World of RDGAs

Santa Clara, Calif., July 17, 2024 — Infoblox Threat Intel released a threat landscape study of the use of registered domain generation algorithms (RDGAs) by malicious actors today.

Blog

James Barnett
July 17, 2024

RDGAs: The Next Chapter in Domain Generation Algorithms

Infoblox Threat Intel exposes registered DGAs (RDGAs), the novel DGAs that our research has found are often used to host phishing and scam sites and deliver malware.

Research Report

Infoblox Threat Intel
July 17, 2024

REGISTERED DGAs: The Prolific New Menace No One Is Talking About

Registered domain generation algorithms (RDGAs) are a programmatic mechanism that allows DNS actors to create many domain names at once or over time to register for use in their infrastructure.

Infoblox Threat Intel

Revolver Rabbit

Threat actor resources

Media Article

Criminals are spending millions on malicious domains — and it's paying off for them in a big way

Media Article

Revolver Rabbit gang registers 500,000 domains for malware campaigns

Media Article

Revolver Rabbit’s Million-Dollar Masquerade: Infoblox Uncovers The Hidden World of RDGAs

Press Release

Revolver Rabbit’s Million-Dollar Masquerade: Infoblox Uncovers The Hidden World of RDGAs

Blog

RDGAs: The Next Chapter in Domain Generation Algorithms

Research Report

REGISTERED DGAs: The Prolific New Menace No One Is Talking About

Products

Solutions

Company

Resources

Get Infoblox Email Updates